CVE-2005-0710 Information

Description

MySQL 4.0.23 and earlier and 4.1.x up to 4.1.10 allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table which is processed by the udf_init function.

Reference

http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0083.html http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://marc.info/?l=bugtraq&m=111065974004648&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1 http://www.debian.org/security/2005/dsa-707 http://www.gentoo.org/security/en/glsa/glsa-200503-19.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:060 http://www.novell.com/linux/security/advisories/2005_19_mysql.html http://www.redhat.com/support/errata/RHSA-2005-334.html http://www.redhat.com/support/errata/RHSA-2005-348.html http://www.securityfocus.com/bid/12781 http://www.trustix.org/errata/2005/0009/ https://exchange.xforce.ibmcloud.com/vulnerabilities/19658 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10180 https://usn.ubuntu.com/96-1/